Description
Some RBAC tests (that make use of the bindGroup() function) are erroring when trying to create the role in pre-7.0 server versions:
unexpected status code: request failed PUT http://test-couchbase-85jh2-0000.test-couchbase-85jh2.test-2cbnd.svc:8091/settings/rbac/groups/bucket-role 400 Bad Request: {\"errors\":{\"roles\":\"Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [data_reader]\"}} |
This is happening in all tests that make use of the function, for example TestRBACWithBucketScopedRolePre7.
The same test passes in post-7.0, so I suspect that the ScopeRoleSpec or CollectionRoleSpec are being passed on and creating a malformed request in the eyes of 6.6.x (which does not understand collections or scopes.)
Hey Roo Thorp,
I think this is because we added the scope_name and collection_name field to the UserRole model that gets serialized for the Couchbase API (/pkg/util/couchbaseutil/types.go) and it looks like we forgot the omitempty to the field tags.So after more digging, this doesn't seem to be the case. I don't see any reason why this would happen, could you turn on debug mode for the operator and give me some better output? It looks like the bucket is being left off the role definition, which doesn't seem possible.
I spun up a 6.6.5 and a 7.0.3 cluster and reproduced the call that would generate your error:
as you can see this leaves off the bucket definition in the request and results in your exact error message. And to be clear, this request fails on both 6.6.5 and 7.0.3, so I'm not sure why the POST 7.0.0 test works and the PRE 7.0.0 test fails.
So can you dig a bit deeper and see if you can provide me a set of logs for this error i can comb over?
Thanks,
Justin Ashworth